Exhibit B 
'tzlbacl4.log' 



SQL> ©tzlasOl 
SQL> 

SQL> CONNECT LBACSYS/LBACSYS 

Connected. 

SQL> 

SQL> Create two SA policies 

SQL> EXECUTE SA_SYSDBA . CREATE_POLICY ( ■ SA1 1 , ■ SAl_COL ' , » ALL_CONTROL ' ) ; 
PL/ SQL procedure successfully completed. 

SQL> EXECUTE SA_SYSDBA . CREATE_POLICY ( 1 SA2 ' , ' SA2_COL 1 , 1 NO_CONTROL 1 ) ; 

PL/ SQL procedure successfully completed. 

SQL> 

SQL> Initialize PUBLIC labels for them 

SQL> EXECUTE SA_L ABELS . CREATE_LEVEL ( ' SA1 ' , 0 , ' PUBLIC 1 , 1 PUBLIC Level ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' SA2 ' , 0 , ' PUBLIC 1 , ' PUBLIC Level » ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sal ' , 10 , ' public 1 ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE S A__LAB E L__ADM I N . CREATE_LABEL ( ' sa2 ' , 10 , 1 public ' ) / 
BEGIN SA_LABEL_ADMIN. CREATE_LABEL ( ' sa2 ',10 , 1 public ' ) ; END/ 



ERROR at line 1: 

ORA-12432: LBAC error: Label with the given label_tag: 10 already exists 
ORA-06512: at " LBACSYS . LBAC__STANDARD " , line 0 
ORA-06512: at " LBACSYS . LB AC__LABEL_ADM IN" , line 57 
ORA-06512: at line 1 



SQL> 

SQL> Setup some labels for policy SA1 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' sal ' , 10 , ■ c ' , 1 confidential ■ ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE__LEVEL ( » sal 1 , 2 0 , ' S » , ' SECRET ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_LEVEL ( ' sal • , 30 , 1 ts 1 , ' Top Secret " ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA^LABELS . CREATE_COMPARTMENT ( 1 sal • , 5 , 'A' , ■ ALPHA ' ) ; 



PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_COMPARTMENT ('sal', 10, ' b ' , • beta 1 ) ; 

PL/ SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA_LABELS . CREATE_GROUP ( ' sal ' , 5 , ' Gl ' , ' group 1 ' ) ; 
PL/ SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATE_GROUP ( ' sal ' , 51 , 1 G2 ■ , ' group 2 • , ' Gl ■ ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABELS . CREATEJ3ROUP ( * sal ' , 52 , ' G3 ' , ' group 3 » , ' Gl 1 ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal » , 2 00 , ' c 1 ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal • , 225 / , C:b / a')/ 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( ' sal » , 2 10 , ' C : a ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE_LABEL ( 1 sal ',205, 1 C : : g2 ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_LABEL_ADMIN . CREATE _LABEL ( 1 sal ' , 3 00 , 1 S ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE S A_LAB E L_ADM I N . CREATE_LABEL ( ' sal ' , 3 10 , 1 s : a 1 ) ; 

PL/SQL procedure successfully completed. 

SQL> 

SQL> -- Generate some labels 

SQL> SELECT LABEL JTOJTHAR (TO_SA_LABEL ( ■ sal ' , 1 C : a : gl » ) ) FROM DUAL ; 

LAB EL__TO_CHAR (TO_SA_LABEL ( ' SA1 ■ , 1 C : A : Gl ' ) ) 

C:A:G1 

1 row selected. 

SQL> SELECT LABEL_TO_CHAR (TO_SA_LABEL { ' sal • , ' S : a , b ' ) ) FROM DUAL; 
LABEL TO CHAR (TO SA LABEL ( 1 SA1 ' , ' S ; A, B 1 ) ) 



S:A,B 

1 row selected. 

SQL> SELECT LABEL_TO__CHAR (TO_SA_LABEL ( 1 sal 1 , 'public : a :gl 1 ) ) FROM DUAL; 
LABEL_TO_CHAR (TO_SA_LABEL ( 1 SA1 1 , ' PUBLIC : A: Gl ' ) ) 



PUBLIC: A: Gl 

1 row selected. 

SQL> 

SQL> COL POLICY_NAME FORMAT A15 

SQL> COL LABEL FORMAT A2 0 

SQL> SELECT * FROM DBA_SA_LABELS ; 



POLICY NAME LABEL LABEL TAG LABEL TYPE 



SA1 PUBLIC 10 USER LABEL 

SA1 C 2 00 USER/DATA LABEL 

SA1 C::G2 205 USER/DATA LABEL 

SA1 C:A 210 USER/DATA LABEL 

SA1 C:A,B 225 USER/DATA LABEL 

SA1 S 3 00 USER/DATA LABEL 

SA1 S:A 310 USER/DATA LABEL 

SA1 C:A:G1 1000000000 USER/DATA LABEL 

SA1 S:A,B 1000000001 USER/DATA LABEL 

SA1 PUBLIC :A:G1 1000000002 USER/DATA LABEL 



10 rows selected. 
SQL> 

SQL> col labelvalue format a2 0 
SQL> col policy_name format alO 
SQL> SELECT * from dba_sa_labels ; 



POLICY NAM LABEL LABEL TAG LABEL TYPE 



SA1 


PUBLIC 


10 USER LABEL 


SA1 


C 


2 00 USER/DATA LABEL 


SA1 


C: :G2 


205 USER/DATA LABEL 


SA1 


C:A 


210 USER/DATA LABEL 


SA1 


C:A,B 


22 5 USER/DATA LABEL 


SA1 


S 


300 USER/DATA LABEL 


SA1 


S:A 


310 USER/DATA LABEL 


SA1 


C:A:G1 


1000000000 USER/DATA LABEL 


SA1 


S:A,B 


1000000001 USER/DATA LABEL 


SA1 


PUBLIC:A:G1 


1000000002 USER/DATA LABEL 



10 rows selected. 



SQL> 

SQL> -- Set user labels 

SQL> EXECUTE SA_USER_ADMIN . SET_LEVELS ( 1 sal » , ' SCOtt ' , » S 1 , 1 C 1 ) ; 



PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_USER_ADMIN . SET_COMPARTMENTS ( ' sal ' , ' scot t ' , ' a , b ' ) ; 
PL/SQL procedure successfully completed. 

SQL> EXECUTE SA_USER_ADMIN . SET_GROUPS ( 1 sal » , ' scott 1 , 1 Gl * ) ; 
PL/SQL procedure successfully completed. 

SQL> SELECT * FROM dba_sa_user_levels ORDER BY policy_name, user_name; 
POLICY_NAM USER_NAME MAX_LEVEL 
MIN__LEVEL DEF_LEVEL 
ROW_LEVEL 

SA1 SCOTT S 

C S 

S 



1 row selected. 

SQL> SELECT * FROM dba_sa_user_compartments ORDER BY policy_name , user_name; 

POLICY_NAM USER_NAME COMP RW_AC D 
R 

SA1 SCOTT A WRITE Y 
Y 



SA1 
Y 



SCOTT 



B 



WRITE Y 



2 rows selected. 

SQL> SELECT * fROM dba_sa_user_g roups ORDER BY policy^ame, use rename; 

POLICY_NAM USE RENAME GRP 

R 

SA1 SCOTT Gl 

Y 



RW AC D 



WRITE Y 



1 row selected. 
SQL> 

SQL> -- Look at session labels 
SQL> CONNECT scott/tiger 
Connected. 
SQL> 



SQL> create or replace FUNCTION getJList (pol IN VARCHAR2 ) 

2 RETURN VARCHAR2 IS 

3 test_list lbacsys . lbac_label_list ; 

4 begin 

5 test_list :=lbac__session.effective_labels (pol) ; 

6 RETURN label_list_to_named_char (test_list , 'effective') ; 

7 END; 

8 / 

Function created. 
SQL> 

SQL> select get_list ( ' sal 1 ) from dual; 
GET LIST ( ' SA1 ' ) 



MAX READ LABEL='S:A,B:G1,G2,G3 ' , MAX WRITE LABEL= » S : A, B : Gl , G2 , G3 • , MIN WRITE LABEL 
= 1 C ' , READ LABEL='S:A,B:G1,G2,G3 ', WRITE LABEL= ■ S : A, B : Gl , G2 , G3 ' , ROW LABEL= ' S : A, B : G 
1,02,03' 



1 row selected. 

SQL> select get_list ( ' sa2 ' ) from dual; 
GET_LIST ( ' SA2 ' ) 



1 row selected. 



SQL> 

SQL> SQL> 



